Targeting a single employee: Spearphishing at DePaul

As reported 13 hours ago in WXXI News (read the full DePaul explanation here), "a single employee's email account" was phished, hooked, and netted the hackers 41,000 emails. Since DePaul.org is NOT DMARC enforced/protected, it is most likely the phished thought he/she was getting a legitimate request from another DePaul employee. "…a person outside of the DePaul organization obtained the e-mail credentials of a staff member…" While it's not clear whether DMARC enforcement would have protected DePaul, it is clear that morons are the weak link in any system. And a spear phishing exploit aimed at a single employee can be very effective. Just ask the DNC.